Date:      Fri, 22 Dec 2006 18:52:20 -0800
From:      Michael <bsdannounce@gmail.com>
To:        freebsd-stable@FreeBSD.ORG,  gmenhennitt@optusnet.com.au
Subject:   Re: Block IP
Message-ID:  <458C99E4.5090800@gmail.com>
In-Reply-To: <200612220806.kBM86HgT035285@lurza.secnetix.de>
References:  <200612220806.kBM86HgT035285@lurza.secnetix.de>

I can tell you what I do about these, which may not suit your situation 
especially if this is on a high profile server, but if you are just 
running FreeBSD for your own purposes I found this to be a great tool.

It's called BlockHosts and can be found here 
http://www.aczoom.com/cms/blockhosts/

If you are on a high profile server however I wouldn't recommend this 
because your hosts.allow file will fill up, otherwise you may want to 
check it out.

Take care,

Michael

Oliver Fromme wrote:
> Graham Menhennitt wrote:
>  > Christopher Hilton wrote:
>  > > If it's at all possible switch to using public keys for authentication
>  > > with ssh and disallow password authentication. This completely stops
>  > > the brute forcing attacks from filling up your periodic security mail.
>  > Are you sure about that? I only allow PublickeyAuthentication ssh2
>  > connections but I get lots of security mail messages like:
>  > 
>  > Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 202.54.49.7
>  > Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
>
> Those are caused by different things.  They're not caused
> by wrong passwords, but by an illegal user name (first line)
> or by non-matching reverse DNS (second line).  These things
> are checked even before any user keys are exchanged, so the
> authentication method doesn't matter.
>
> They can be safely ignored, because you're immune to brute-
> force attacks.  If you don't want to see them, a simple
> "egrep -v ..." in /etc/periodic/security/800.loginfail will
> do.
>
> Best regards
>    Oliver
>
>   
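
Added example (not part of the original messages, and not BlockHosts code): a small triage of sshd log lines that separates the two pre-authentication messages quoted above from password failures, so a key-only server can suppress the former and still report the latter. The names classify, triage and password_auth_enabled, and the last two sample log lines, are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: the two lines quoted in the thread, plus two made-up
# lines using documentation addresses for contrast.
SAMPLE_LOG = """\
Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 202.54.49.7
Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Nov 16 01:45:02 maxwell sshd[70071]: Failed password for root from 192.0.2.10 port 4711 ssh2
Nov 16 01:45:09 maxwell sshd[70071]: Accepted publickey for graham from 198.51.100.5 port 50022 ssh2
"""

# Syslog prefix: "Mon DD HH:MM:SS host sshd[pid]: message"
SSHD_LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: (?P<msg>.*)$")

# Message patterns, checked in order. The first two are logged before any
# authentication method is tried, so they show up on key-only servers too.
RULES = [
    ("invalid_user", re.compile(r"^Invalid user \S+ from (?P<src>\S+)")),
    ("reverse_dns", re.compile(r"^reverse mapping checking getaddrinfo for (?P<src>\S+) failed")),
    ("failed_password", re.compile(r"^Failed password for (?:invalid user )?\S+ from (?P<src>\S+)")),
]
PRE_AUTH = {"invalid_user", "reverse_dns"}


def classify(line):
    """Return (kind, source) for an sshd line, or (None, None) for other text."""
    m = SSHD_LINE.match(line)
    if not m:
        return None, None
    for kind, rx in RULES:
        hit = rx.match(m.group("msg"))
        if hit:
            return kind, hit.group("src")
    return "other", None


def triage(log_text, password_auth_enabled):
    """Return (lines worth reporting, Counter of suppressed pre-auth noise)."""
    report, suppressed = [], Counter()
    for line in log_text.splitlines():
        kind, src = classify(line)
        if kind in PRE_AUTH and not password_auth_enabled:
            suppressed[kind] += 1          # probing only; no password to guess
        elif kind in PRE_AUTH or kind == "failed_password":
            report.append((kind, src))     # password failures are always kept
    return report, suppressed
```
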




